back to article Pressure mounts against Rule 41 – the FBI's power to hack Tor, VPN users on sight

The campaign against Rule 41 – which will give cops and Feds in America the power to hack people's computers around the world – has kicked up a gear. Leaders of the US House of Representatives and Senate got a letter today urging them to block the rule change before it becomes permanent in December. The proposed legislative …

  1. moiety

    "would allow a US magistrate judge to grant law enforcement access to any stored data on a computer, phone, or any storage device around the world that was suspected of being "related" to a crime."

    "any storage device"? "suspected"? "related"? "around the world"?

    Playing a bit out of your jurisdiction a bit there aren't you, you cheeky fucks? Remember also that if you announce open season on the rest of the world, the rest of the world is likely to respond in kind.

    1. Phil W

      Bad I.N.T.E.L.L.I.G.E.N.C.E.

      "America, fuck yeah!

      Comin' again to save the mother fuckin' day yeah!

      America, fuck yeah!

      Freedom is the only way yeah!

      Terrorists your game is through, 'cause now you have to answer to...

      America, fuck yeah!

      So lick my butt and suck on my balls!

      America, fuck yeah!

      Whatcha gonna do when we come for you now?"

      Seriously though, when has jurisdiction, international law or sovereignty ever stopped USA law enforcement and intelligence doing whatever the fuck they want?

      America is the land of the free, where the government are free to do whatever the fuck they want to whoever the fuck they like. For freedom. Oh and money, definitely for money.

      1. Anonymous Coward
        Anonymous Coward

        @ Phil W.

        "Seriously though, when has jurisdiction, international law or sovereignty ever stopped USA law enforcement and intelligence doing whatever the fuck they want?"

        Humm, one comes to mind. IOs9 Remember NOTHING gets approval without the approval of another Blubberment. NOTHING!

      2. Anonymous Coward
        Anonymous Coward

        Re: Bad I.N.T.E.L.L.I.G.E.N.C.E.

        FYI the article forgot to mention that President Obama supports Rule 41.

    2. edge_e
      Facepalm

      "any storage device"? "suspected"? "related"? "around the world"?

      I presume this will require the same amount of proof as civil forfeiture ?

      https://www.youtube.com/watch?v=3kEpZWGgJks

    3. Adam 1 Silver badge
      1. Anonymous Coward
        Anonymous Coward

        "People keep saying this sort of thing but there is absolutely no evidence of other places responding in kind. None whatsoever. Like, wouldn't ever happen. C'est impossible! Never."

        For those (as myself, initially, who haven't spotted your irony by following your link!), I'd have to say the following: au contraire, it's almost routine and increasing in frequency. All the way up to the Court of Justice of the European Union, which is quite happy to adopt Britain's habit of shooting one pour encourager les autres (per the mis-translation of Voltaire's observation).

        In fairness, the increase in frequency may reflect the USA's perceived decline in economic and political power, just as does the presidential election.

        1. Anonymous Coward
          Anonymous Coward

          while we are poop throwing

          >In fairness, the increase in frequency may reflect the USA's perceived decline in economic and political power, just as does the presidential election.

          No it is one last fsck you from the Baby Boomers. Then went found the two shittiest choices of their generation (W couldn't run again and the next best thing Jed was too reasonable).

    4. Wolfclaw Silver badge

      and when the Russians/Chinese/NK grant their agencies the same laws, the US while cry fowl and blame everbody but the muppets who allowed the rules to go through !

    5. Dave 15

      The rest of the world might but...

      But...

      a) The Americans spend so much more of (our) money on 'defence' than anyone else no one could hurt them

      b) The Europeans and Brits especially can never find fault in anything the yanks do... even if it is to invade another country to secure the oil

      c) The Russian and Chinese are probably already doing much the same

      d) The British ARE doing the same

      e) The British government (and most European ones) are so far up the Americans....... that we ALL use their weapons and weapons systems (just look at the British buying American planes for the aircraft carriers... despite the fact that the Americans deliver their planes late, just like they turn up to wars late). Given we use their technology what chance do we have of winning... they know all the bugs, the back doors etc etc etc

      No, frankly the Americans can do this sort of thing and really don't give a toss whether it is sensible (America sensible... that would be the day), whether others approve (after all they have more nukes so you can get stuffed) or whether it tramples all over the 'sovereignty' of others because they will just invade on some cockermaeny excuse about your alleged weapons of mass destruction.

  2. Baldy50

    Signed the petition!

    New something like this was coming. B'stards.

    So if you use go online whilst using Tor on the WiFi in a café for example with no CCTV, apart from the data your browser gives away and what site you visited can they really tell it was you?

    Try this you'll probably not be surprised at all.

    https://panopticlick.eff.org/

    Click on 'fingerprinting'! An eye opener to the less tech savvy on here, which unfortunately includes me to a degree!

    1. Paul Crawford Silver badge

      Re: fingerprinting

      What the web browser dev should be doing is fixing this, not endless dicking around with GUIs or finding ever smarter ways to whore us to the advertisers.

      We should have browsers that only yield the minimum of necessary information back to a web site, and that tricks like canvas rendering hashes, etc, are deliberately broken by inducing some ~1/2 pixel random dither in the drawing so now two hashes are ever the same.

      And that is before we get in to the unholy mess of SSL certificates and the half-measures like pining to try and catch MITM by state level actors.

      1. Mark 85 Silver badge
        Unhappy

        Re: fingerprinting

        While I agree, that goes against the grain of those sponsoring the writing of browsers. What you want would kill off "targeting advertisers"... which seems to be what the Web is all about these days.

      2. Nigel 11

        Re: fingerprinting

        We should have browsers that only yield the minimum of necessary information back to a web site

        You can run your browser of choice within a virtual machine. Clone or even build a new VM for each browsing session, or for each site visited if you are truly paranoid.

        You're still traceable by IP address, of course, but at least your created-anew browsers won't leak personal information from one site to another.

        I'm not that paranoid, though.

  3. Disk0
    Unhappy

    SMH

    Shaking My Head sounds about right. Props to Wyden and Paul for addressing this flagrant attempt at appropriating everyone's online space.

    1. Dadmin

      Re: SMH

      Ohhhh! HAHA! I always that that acronym meant: Suck Me Hard

      I kid you not. It is known.

  4. Anonymous Coward
    Anonymous Coward

    So long as they leave Rule 34 alone, that's fine.

    1. Michael H.F. Wilkinson Silver badge

      Or Rule One, for that matter

  5. I Like Heckling

    HMA... MY Arse

    Anything involving HMA immediately cause me suspicion... after all this is the company who claim they don't keep logs of users activity, and that you can be anonymous if you use their service... and yet are able to use those non-existent logs to give user information to whatever authority demands them.

    How do I know... because I used to use their service until it became obvious that they're were lying about their services and are in fact collecting detailed logs on every user... Remember that member of anonymous that got caught... tracked down via data from the HMA account he was using.

    Take my advice... don't trust them... and anything they are involved in under the guise of protecting privacy or security of anything is a smokescreen. They will sell their users out at the drop of a hat.

    1. chris 17 Bronze badge

      Re: HMA... MY Arse

      Have any links to evidence to support your claims?

      The internet is awash with opinions and hearsay with little fact to back claims up.

  6. John Smith 19 Gold badge
    Gimp

    "it’s about the FBI not wanting to do paperwork,”

    Data fetishists.

    There everywhere.

    1. Sir Runcible Spoon Silver badge
      Joke

      Re: "it’s about the FBI not wanting to do paperwork,”

      They're everywhey're

  7. I Am Spartacus
    Big Brother

    Back Hack TOR?

    Really? Has anyone stopped to think quite HOW this rule will be enacted? It's one thing to say that because people don't publish their conversations or web browsing that, a) they must be nefarious, and thus b) We have to know who, what, why and where, and the c) [the hard part] actually doing this.

    First, to find out who this TOR user is and where they are located is not trivial. It requires either back tracking packets coming in to the network, or having a serious attempt to poison TOR. Neither are trivial to do. Use a TOR enabled browser and your packets payload get encrypted from the moment they are generated, making this much, much harder.

    Second, if TOR is routing around the world, any attempt by the FBI it act outside of its jurisdiction is liable to have them breaking other countries laws.

    But OK, they have done six impossible things before breakfast, and found out who you are and where yiou are. Now they want to gain access to your machine. So, they need a hole or backdoor. And this is going to come from where? Can you see Apple building this in to OSX and IOS? Micro$soft may be, but even they have some scruples. Linux? Never.

    And then, they are in to your host. They have to now break your own encryption key on your disk.

    Eventually, they find out that all they have is some teenager looking at p0rn but not wanting his parents to know (because the only reason they didn't do so is because the web wasn't invented then).

    Next someone will tell me that any encryption from outside the US is purely theoretical.

    1. Anonymous Coward
      Anonymous Coward

      Re: Back Hack TOR?

      Once its legal, then they can apply for even more cash to achieve it. GCHQ, NSA et al wallow in cash.

      Every new power they are given allows them to apply for more powers. Never has anyone said, thats the last power you get and stuck to it. We're not that far off having to route (by law) all comms through secret service infra now.

    2. Baldy50

      Re: Back Hack TOR?

      But if the US government for example could institute a program of surreptitiously joining the Tor network and with the support of individuals with no apparent connection to that government helping them, they could set up tor relays that are monitored and gain a far better chance of breaking into Tor, but it would literally have to be done on a large scale worldwide and have various governments involved.

      What vetting is done to someone wishing to help the Tor network and I'm sure if lots of other contributors suddenly wanted to help it would throw up a red flag?

      You can break anything if you hit it hard enough!

  8. EddieD

    Google are playing both sides, in my opinion

    Given that accessing Google using Tor is becoming increasingly hard - trying this morning I got faced by 3 captchas, and when I passed that, the search returned a 503 error - I think that they're being a little mealy mouthed.

    If they're in favour of the use of Tor, they should not make it so hard to access their services using the technology.

  9. Mutton Jeff

    If you've nothing to hide...

    They'll fit you up with something.

  10. FIA

    "would allow a US magistrate judge to grant law enforcement access to any stored data on a computer, phone, or any storage device around the world that was suspected of being "related" to a crime."

    Are magistrates in the US the same as the UK??

    I remember a few years ago chatting to my mum, and she was considering applying to be a magistrate. Now; whilst I love my mum very much and would trust her judgement when it comes to issues like Mrs Johnsons massive bush obscuring the light to her neighbours back porch I'm not sure she should be ruling on matters of international security.

    I assume a magistrate in the US Is a little different??

    1. Slx

      Definitely different!

      They're professional judges the that are appointed to assist US District Court judges and would hear a lot of the first instance type cases. Its still a pretty low level of court by any standards though.

      England, Wales and Scotland are actually highly unusual in having non-professional judges, at least for developed world countries. Magistrates were scrapped as a concept in what is now the Republic of Ireland in 1924 as the idea of non-professional judges was considered unacceptably risky for the administration of justice. There had been a history of the original 'Petty Sessions' lay judges being members of the aristocracy / the local big noise and some really questionable rulings were made that had inflamed the political situation in the 19th / early 20th centuries.

      In Northern Ireland it was reformed in 1935 where you had to be a solicitor / barrister of at least six-years standing and then again in 2008 where it moved to professional judges in parallel with the republic.

      I'm actually fairly amazed that the old magistrate system continues in the England and Wales and in Scotland as Justice of the Peace.

      Being tried by some non-professional judge always struck me as very odd in the modern era.

      I know this is the wrong kind of geekery for this site, but just thought I'd clear it up :P

      1. sysconfig

        @Six: Re: Definitely different!

        Thanks for that rather insightful post. I didn't know any of that. Very interesting.

      2. FIA

        @Six Re: Definitely different!

        Thank you! That was very informative; it now doesn't seem quite so ludicrous.(Just deeply worrying).

      3. Asterix the Gaul

        Re: Definitely different!

        I think that it goes back to Magna Carta & the 'right' to be tried by one's 'peers'.

        "To no one will we sell, to no one will we refuse justice".

        "No freeman shall be taken or imprisoned or outlawed or exiled or in anyway destroyed... except by the lawful judgement of his peers or by the law of the land".

        "We will appoint as justices, constables, sheriffs, or bailiffs only such as know the law of the kingdom and mean to observe it well".

        NOT that justice has always been seen to be done,it hasn't, many a magistrate has placed(WRONGLY)100% store by what the police have put in front of them as 'evidence',leading to manifest cases of injustice.

    2. Anonymous Coward
      Anonymous Coward

      That Mrs Johnson

      Never could control her bush...

      1. A Ghost
        WTF?

        Re: That Mrs Johnson

        Good question. How is Mrs. Johnson's massive bush?

        Last I heard someone broke in in the middle of the night and cut her plot down to size.

        She wasn't very happy apparently.

        Probably just a vicious rumour. Any one know for sure?

  11. Baldy50

    Possible option?

    I have a media storage device 1.5 Tb and it has a WiFi range of about 45 feet, so would the plod even think of looking for such a device when packing all your gear up into a van?

    As long as connected to power it could be secreted pretty much anywhere and very hard to find, does not need to be plugged into your PC or whatever to be accessed and the files it contains could be encrypted as well.

    Symantec bought PGP in 2010 but what else is out there and has any one used this tool, http://www.safehousesoftware.com/SafeHouseExplorer.aspx

    Not available for the OS I use anyway but just curious.

    1. Sir Runcible Spoon Silver badge
      Facepalm

      Re: Possible option?

      "As long as connected to power it could be secreted pretty much anywhere and very hard to find,"

      It's giving out radio waves - how will that not be hard to find?

      1. kyndair

        Re: Possible option?

        to be fair unless you live in the middle of nowhere with no neighbours at all most places are so full of wi-fi signals plod is unlikely to be able to determine that one of them is your secret wi-fi nas

        1. Sir Runcible Spoon Silver badge

          Re: Possible option?

          Fair point - I live in the sticks so that hadn't occurred :)

        2. Blake Davis

          Re: Possible option?

          It's not that difficult with a handheld scanner and directional antenna.

      2. Baldy50

        Re: Possible option?

        And my question was, Would the plod even look for one? If it were renamed BT something or other it could very easily go unnoticed.

        Are they really going to power up the kit in your domicile and check it there and then?

  12. Christoph Silver badge

    We can hack you, you can't hack us. Because we make the rules.

    The US has often demanded the extradition of anyone it suspects of trying to hack into US computers from another country.

    If they pass a law allowing them to hack into computers in any other country, how co-operative are other countries likely to be with future extradition demands?

    This doesn't apply for the UK of course who are delighted to hand over their citizens with no reciprocal arrangement.

  13. PK

    I kinda feel sorry for ...

    ...the poor little FBI pleb to gets ordered by a judge to go and fetch Putin's PC.

    1. Fatman Silver badge

      Re: I kinda feel sorry for ...

      and gets lined up against the wall of the Kremlin, and shot.

  14. The Purple Dinosaur

    I'm not sure if the scope of this article is totally correct but more biging-up for effect?

    Upon reading the proposed amendments to Federal Law Rule 41 there is no statement that the jurisdiction applies outside of the US. The rule changes look to expand the jurisdiction from

    “a magistrate judge with authority in the district...." to

    “(6) a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize electronically stored information located within or outside that district.”

    This is still a huge issue and brings into question the fourth amendment, not least by the removal of oversight. The upshot is that remote access might result in a device outside of the US being hacked.

    The amendment also provides the US government free uncontrolled ability to use Malware, hacking and other malicious techniques to gain access to suspects data, again without oversight. However, unless there are bi-lateral agreements between countries, the US will still have no power to force access on a device outside the US. ...oh... hang on..... US & UK have such a bi-lateral agreement. Oops! Germany do not. Does that mean we would be better in the EU than out????? :)

    It is worth noting that the subcommittee voted against this rule change in the first reading but approved it anyway!

    1. moiety

      The direct quote still boils down to "anyone anywhere, because we say so".

  15. Anonymous Coward
    Anonymous Coward

    Wonder how The FBI is allowed to create a law that basically says it's allowed to hack any business it likes without oversight.

  16. Terry Cloth
    Devil

    [G]etting congressional attention...

    ... to something so seemingly mundane – yet so vital – could be difficult.

    And how is this different from the preceding seven and some years?

  17. A Ghost
    Alien

    I'm more concerned

    with Mrs. Johnson's massive bush (see above for sparse details).

    As for the rest of the malarkey, well, the criminally insane won't stop if you just say 'I'd prefer it if you didn't and also here is another reason or two why this is a bad idea', will they?

    Out of control psychopaths are gonna, er, outta control psychopath.

    Not until these menaces are rounded up and put into the rubber rooms, will they stop being a plague on all good, decent and honorable people, just trying to get by best they can with their lives.

    Jesus, don't these fuckers have any humanity? A relative with a slow painful death from cancer perhaps? Half the family wiped out in a car crash? Wife gets debilitating progressive neurological illness forcing her to give up work and die an even slower and more painful death via bodily decay? No?

    What the fuck, are these fuckers aliens or what? It's like, they aren't human. Does human suffering not affect them? Do they enjoy human suffering? Get off on it?

    They are hurting us. We are telling them they are hurting us. We are asking them to stop hurting us. So they hurt us even more.

    Best not to try and rationalize the actions of the criminally insane. Sick parasitical individuals who use god and country and the flag and national security and terrists, and people that don't clean up their dog poop after them (right on that one at least), parents that game the system to send their child to a school where they won't be beat up twice a day, people who complain about their rubbish not being collected, people who put too much rubbish into their bins to be collected... all to further their insane cause. Jobs for the boys, boys.

    Before too much longer, people are going to realise that this is not going to go away, and they might have to do what generations past did, when things got to this stage. Yup.

    I should be shocked, but I'm not, and that's the most shocking thing of all.

    As for Mrs. Johnson's massive bush, I want to know if the rumours are true...

  18. anonymous boring coward Silver badge

    "the rather unfortunately named Hide My Ass VPN"

    I don't even own a donkey.

    I didn't realise that many still do -and have a need to hide them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019